diff --git a/bin/hardening/99.1.1.23_disable_usb_devices.sh b/bin/hardening/99.1.1.23_disable_usb_devices.sh
index b3b50c6..000888b 100755
--- a/bin/hardening/99.1.1.23_disable_usb_devices.sh
+++ b/bin/hardening/99.1.1.23_disable_usb_devices.sh
@@ -26,6 +26,8 @@ FILE='/etc/udev/rules.d/10-CIS_99.2_usb_devices.sh'
 # This function will be called if the script status is on enabled / audit mode
 audit() {
     SEARCH_RES=0
+    # if SC2086 is fixed (double quotes) instead of skipped, then shellcheck will complain that double quotes will prevent the loop (SC2066)
+    # shellcheck disable=SC2086
     for FILE_SEARCHED in $FILES_TO_SEARCH; do
         if [ "$SEARCH_RES" = 1 ]; then break; fi
         if $SUDO_CMD test -d "$FILE_SEARCHED"; then
diff --git a/lib/common.sh b/lib/common.sh
index 9c91783..34a6fbe 100644
--- a/lib/common.sh
+++ b/lib/common.sh
@@ -148,5 +148,5 @@ div() {
     fi
     local _r=$(($1$_n / $2))
     _r=${_r:0:-$_d}.${_r: -$_d}
-    echo $_r
+    echo "$_r"
 }
diff --git a/lib/utils.sh b/lib/utils.sh
index b7202b7..23dc710 100644
--- a/lib/utils.sh
+++ b/lib/utils.sh
@@ -11,6 +11,7 @@ has_sysctl_param_expected_result() {
     local SYSCTL_PARAM=$1
     local EXP_RESULT=$2
 
+    # shellcheck disable=SC2319
     if [ "$($SUDO_CMD sysctl "$SYSCTL_PARAM" 2>/dev/null)" = "$SYSCTL_PARAM = $EXP_RESULT" ]; then
         FNRET=0
     elif [ "$?" = 255 ]; then
@@ -35,6 +36,7 @@ set_sysctl_param() {
     local SYSCTL_PARAM=$1
     local VALUE=$2
     debug "Setting $SYSCTL_PARAM to $VALUE"
+    # shellcheck disable=SC2319
     if [ "$(sysctl -w "$SYSCTL_PARAM"="$VALUE" 2>/dev/null)" = "$SYSCTL_PARAM = $VALUE" ]; then
         FNRET=0
     elif [ $? = 255 ]; then
diff --git a/shellcheck/launch_shellcheck.sh b/shellcheck/launch_shellcheck.sh
index cd34f73..ccbefd6 100755
--- a/shellcheck/launch_shellcheck.sh
+++ b/shellcheck/launch_shellcheck.sh
@@ -14,7 +14,8 @@ fi
 for f in $files; do
     if head "$f" | grep -qE "^# run-shellcheck$"; then
         printf "\e[1;36mRunning shellcheck on: %s  \e[0m\n" "$f"
-        if ! /usr/bin/shellcheck --color=always --shell=bash -x --source-path=SCRIPTDIR "$f"; then
+        # SC2317: command unreachable, sometimes has a hard time reaching the command in a function
+        if ! /usr/bin/shellcheck --exclude=SC2317 --color=always --shell=bash -x --source-path=SCRIPTDIR "$f"; then
             retval=$((retval + 1))
         fi
     fi
diff --git a/tests/launch_tests.sh b/tests/launch_tests.sh
index 4d55715..4dc317a 100755
--- a/tests/launch_tests.sh
+++ b/tests/launch_tests.sh
@@ -13,7 +13,7 @@ cleanup_and_exit() {
     if [ "$totalerrors" -eq 255 ]; then
         fatal "RUNTIME ERROR"
     fi
-    exit $totalerrors
+    exit "$totalerrors"
 }
 trap "cleanup_and_exit" EXIT HUP INT
 
@@ -125,7 +125,7 @@ play_consistency_tests() {
         ok "$name logs are identical"
     fi
 
-    if [ 1 -eq $consist_test ]; then
+    if [ 1 -eq "$consist_test" ]; then
         nbfailedconsist=$((nbfailedconsist + 1))
         listfailedconsist="$listfailedconsist $(make_usecase_name "$usecase" consist)"
     fi